Hermes Ransomware

Hermes Ransomware is a malicious computer infection that enters your system to bully you into spending your money for a decryption key. This decryption key may not even work if the program loses its connection with the command and control center (C&C). Our main concern right now is to remove Hermes Ransomware from your system as soon as possible and then proceed with restoring your files from an external backup. The most annoying feature of ransomware infections is that often it is impossible to revert the consequences even if you remove the program from your computer. But even so, you should not give up.

Aside from trying to figure out how to get rid of this infection, you should also think of ways to protect your system from similar threats. The best way to do that is to avoid such infections altogether. To avoid ransomware infections, you need to know how these programs spread. According to our research, this ransomware infection usually gets distributed via spam email messages. That is hardly surprising, because spam is the most common distribution method employed by ransomware applications. And the most disturbing thing about this practice is that users download and install the malware themselves.

This happens because the spam messages are disguised as legitimate notifications from online stores or financial institutions. If you are an avid online shopper, you might be getting a lot of invoices on a regular basis, and a spam message might be able to slip in between these emails into your main inbox. However, it is quite easy to tell them apart from legitimate notifications. A spam email message will urge you to download and open the attached file, while a regular online shopping invoice will usually be embedded within the message itself. Needless to say, downloading and opening the attached file installs Hermes Ransomware on your computer.
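
The attachment-versus-embedded-invoice distinction described above can be turned into a simple mail triage check. The following is an added example, not part of the original article; the keyword patterns, the `triage` function and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed patterns (not from the article): invoice themes, wording that urges
# the reader to open an attachment, and amounts that show inline details.
INVOICE_RE = re.compile(r"\b(invoice|receipt|order|payment|statement)\b", re.I)
URGE_RE = re.compile(
    r"\b(open|see|view|download|check)\b[^.\n]{0,40}\b(attached|attachment|enclosed)\b", re.I)
AMOUNT_RE = re.compile(r"\$\s?\d|\b\d+[.,]\d{2}\b")


def triage(raw: str) -> dict:
    """Apply the attachment-vs-embedded-invoice rule to one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    attachments = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    invoice_theme = bool(INVOICE_RE.search(f"{msg['subject'] or ''}\n{body}"))
    urges_open = bool(URGE_RE.search(body))
    details_inline = bool(AMOUNT_RE.search(body))
    # Flag: invoice-themed, carries a file, pushes the reader to open it,
    # and shows none of the invoice details in the message itself.
    suspicious = invoice_theme and bool(attachments) and urges_open and not details_inline
    return {"attachments": attachments, "invoice_theme": invoice_theme,
            "urges_open": urges_open, "details_inline": details_inline,
            "suspicious": suspicious}


def _sample(subject: str, body: str, attachment: str = "") -> str:
    """Build a constructed test message; addresses and contents are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@shop.example", "user@example.org", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


SPAM = _sample("Invoice #48213",
               "Dear customer,\nPlease download and open the attached file to view your invoice.\n",
               "invoice_48213.zip")
LEGIT = _sample("Your order receipt",
                "Thanks for your order.\n1 x USB cable  $9.99\nTotal: $9.99\n")

if __name__ == "__main__":
    for name, raw in (("spam-like", SPAM), ("embedded invoice", LEGIT)):
        print(name, triage(raw))
```

Legitimate senders also attach invoices, so a hit is a reason for closer inspection rather than a verdict.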

The moment this infection enters your system, it scans your computer to find the file formats it can encrypt. Ransomware programs seldom encrypt every single file on the affected computer. After all, they need the computer to function properly so that the user can transfer the ransom fee. Hence, our researchers have found that Hermes Ransomware usually encrypts most of the picture and document files. This means that when the encryption is complete, you will no longer be able to access most of your frequently used files. And that is how the ransomware could push you into paying the ransom.

The infection will inform you about the ransom fee with a notification that appears on your screen once the encryption is complete. You can find an extract from the message below:

All your important files are encrypted
Your files has been encrypted using RSA2048 algorithm with unique public-key stored on your PC.
There is only one way to get your files back: contact us, pay, and get decryptor software.

The program requires you to contact the people behind it via the given email addresses. Please note that there is a primary and a reserve email, so it means that the connection between the infection and its C&C server may not be as strong as one would want it to be. And sometimes the main server might go offline if the proxy connection provider decides to withdraw their service. If that happens, you can no longer contact the cyber criminals behind this attack, and it is only natural that they cannot receive the payment for the decryption key. In fact, even if you could transfer the payment, you should never spend your money on this supposed decryption tool because there is no guarantee that Hermes Ransomware would provide it.

Instead, you should delete all the files associated with Hermes Ransomware from your computer and then run a full system scan to locate other potential threats. When the ransomware is removed, you can restore your files by transferring the healthy copies back to your drive from a system backup. Do not forget to delete the encrypted files first to avoid confusion.

Please transfer the healthy files back ONLY when Hermes Ransomware is completely removed, because the infection might encrypt your good copies again. Also, to protect your system from other infections, you should refrain from opening unfamiliar files, and you could also acquire a legitimate antispyware application.